<?php
$error = '';
if(isset($_POST['submit']))
{	
	if($_POST['username'] == '' || $_POST['password'] == '')
	{
		$error = 'Please fill in all the fields';
	}
	else
	{
		$query = " SELECT id FROM user WHERE username = '". mysql_real_escape_string($_POST['username'])."' AND password = '".mysql_real_escape_string(md5($_POST['password']))."'";		
		if(mysql_num_rows(mysql_query($query)) == 0 )
		{
			$error = 'Invalid Login credentials';
		}
		else
		{
			$_SESSION['name'] = 'admin';
			header('location:index.php?page=listing'); exit;
		}
	}
}

?>
<h2>Login</h2>
<?php if(!empty($error)) { ?>
<div class="error"><?php echo $error; ?> </div>
<?php } ?>
<form method="post">
<table cellpadding="2" cellspacing="2" border="0" style="background-color:#000000;">
	<tr style="background-color:#FFFFFF;">
		<td>Username<span style="color:F0F0F0;"> *</span></td><td><input type="text" name="username" /></td>
	</tr>
	<tr style="background-color:#FFFFFF;">		
		<td>Password<span style="color:F0F0F0;"> *</span></td><td><input type="password" name="password" /></td>
	</tr>	
	<tr style="background-color:#FFFFFF;">
		<td colspan="2"><input type="submit" name="submit" value="Login" /></td>			
	</tr>
</table>	
</form>	